apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "permify.fullname" . }} labels: {{- include "permify.labels" . | nindent 4 }} {{- with .Values.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} {{- end }} selector: matchLabels: {{- include "permify.selectorLabels" . | nindent 6 }} template: metadata: annotations: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: {{- include "permify.selectorLabels" . | nindent 8 }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "permify.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} args: ["serve"] ports: - name: grpc containerPort: {{ .Values.app.server.grpc.port }} - name: http containerPort: {{ .Values.app.server.http.port }} protocol: TCP - name: profiler containerPort: {{ .Values.app.profiler.port }} protocol: TCP - name: invoker containerPort: {{ .Values.app.distributed.port }} env: {{- if .Values.app.account_id }} - name: PERMIFY_ACCOUNT_ID value: "{{ .Values.app.account_id }}" {{- end }} {{- if .Values.app.server.rate_limit }} - name: PERMIFY_RATE_LIMIT value: "{{ .Values.app.server.rate_limit }}" {{- end }} {{- if .Values.app.server.name_override }} - name: PERMIFY_NAME_OVERRIDE value: "{{ .Values.app.server.name_override }}" {{- end }} {{- if .Values.app.server.grpc.port }} - name: PERMIFY_GRPC_PORT value: "{{ .Values.app.server.grpc.port }}" {{- end }} {{- if .Values.app.server.grpc.tls.enabled }} - name: PERMIFY_GRPC_TLS_ENABLED value: "{{ .Values.app.server.grpc.tls.enabled }}" - name: PERMIFY_GRPC_TLS_KEY_PATH value: "{{ .Values.app.server.grpc.tls.key }}" - name: PERMIFY_GRPC_TLS_CERT_PATH value: "{{ .Values.app.server.grpc.tls.cert }}" {{- end }} {{- if .Values.app.server.http.enabled }} - name: PERMIFY_HTTP_ENABLED value: "{{ .Values.app.server.http.enabled }}" {{- if .Values.app.server.http.port }} - name: PERMIFY_HTTP_PORT value: "{{ .Values.app.server.http.port }}" {{- end }} {{- if .Values.app.server.http.tls.enabled }} - name: PERMIFY_HTTP_TLS_ENABLED value: "{{ .Values.app.server.http.tls.enabled }}" - name: PERMIFY_HTTP_TLS_KEY_PATH value: "{{ .Values.app.server.http.tls.key }}" - name: PERMIFY_HTTP_TLS_CERT_PATH value: "{{ .Values.app.server.http.tls.cert }}" {{- end }} {{- if .Values.app.server.http.cors_allowed_origins }} - name: PERMIFY_HTTP_CORS_ALLOWED_ORIGINS value: {{ join "," .Values.app.server.http.cors_allowed_origins }} {{- end }} {{- if .Values.app.server.http.cors_allowed_headers }} - name: PERMIFY_HTTP_CORS_ALLOWED_HEADERS value: {{ join "," .Values.app.server.http.cors_allowed_headers }} {{- end }} {{- end }} {{- if .Values.app.profiler.enabled }} - name: PERMIFY_PROFILER_ENABLED value: "{{ .Values.app.profiler.enabled }}" - name: PERMIFY_PROFILER_PORT value: "{{ .Values.app.profiler.port }}" {{- end }} {{- if .Values.app.logger.level }} - name: PERMIFY_LOG_LEVEL value: "{{ .Values.app.logger.level }}" {{- end }} {{- if .Values.app.logger.output }} - name: PERMIFY_LOG_OUTPUT value: "{{ .Values.app.logger.output }}" {{- end }} {{- if .Values.app.logger.enabled }} - name: PERMIFY_LOG_ENABLED value: "{{ .Values.app.logger.enabled }}" {{- end }} {{- if .Values.app.logger.exporter }} - name: PERMIFY_LOG_EXPORTER value: "{{ .Values.app.logger.exporter }}" {{- end }} {{- if .Values.app.logger.endpoint }} - name: PERMIFY_LOG_ENDPOINT value: "{{ .Values.app.logger.endpoint }}" {{- end }} {{- if .Values.app.logger.insecure }} - name: PERMIFY_LOG_INSECURE value: "{{ .Values.app.logger.insecure }}" {{- end }} {{- if .Values.app.logger.urlpath }} - name: PERMIFY_LOG_URL_PATH value: "{{ .Values.app.logger.urlpath }}" {{- end }} {{- if .Values.app.logger.headers }} - name: PERMIFY_LOG_HEADERS value: {{ join "," .Values.app.logger.headers }} {{- end }} {{- if .Values.app.authn.enabled }} - name: PERMIFY_AUTHN_ENABLED value: "{{ .Values.app.authn.enabled }}" {{- if .Values.app.authn.method }} - name: PERMIFY_AUTHN_METHOD value: "{{ .Values.app.authn.method }}" {{- end }} {{- if .Values.app.authn.preshared }} {{- if .Values.app.authn.preshared.keys }} - name: PERMIFY_AUTHN_PRESHARED_KEYS value: {{ join "," .Values.app.authn.preshared.keys }} {{- else if .Values.app.authn.preshared.keys_secret }} - name: PERMIFY_AUTHN_PRESHARED_KEYS valueFrom: secretKeyRef: name: "{{ .Values.app.authn.preshared.keys_secret }}" key: "preshared_keys" {{- end }} {{- end }} {{- if .Values.app.authn.oidc }} {{- if .Values.app.authn.oidc.issuer }} - name: PERMIFY_AUTHN_OIDC_ISSUER value: "{{ .Values.app.authn.oidc.issuer }}" {{- end }} {{- if .Values.app.authn.oidc.audience }} - name: PERMIFY_AUTHN_OIDC_AUDIENCE value: "{{ .Values.app.authn.oidc.audience }}" {{- end }} {{- if .Values.app.authn.oidc.refresh_interval }} - name: PERMIFY_AUTHN_OIDC_REFRESH_INTERVAL value: "{{ .Values.app.authn.oidc.refresh_interval }}" {{- end }} {{- if .Values.app.authn.oidc.backoff_interval }} - name: PERMIFY_AUTHN_OIDC_BACKOFF_INTERVAL value: "{{ .Values.app.authn.oidc.backoff_interval }}" {{- end }} {{- if .Values.app.authn.oidc.backoff_frequency }} - name: PERMIFY_AUTHN_OIDC_BACKOFF_FREQUENCY value: "{{ .Values.app.authn.oidc.backoff_frequency }}" {{- end }} {{- if .Values.app.authn.oidc.backoff_max_retries }} - name: PERMIFY_AUTHN_OIDC_BACKOFF_RETRIES value: "{{ .Values.app.authn.oidc.backoff_max_retries }}" {{- end }} {{- if .Values.app.authn.oidc.valid_methods }} - name: PERMIFY_AUTHN_OIDC_VALID_METHODS value: {{ join "," .Values.app.authn.oidc.valid_methods }} {{- end }} {{- end }} {{- end }} {{- if .Values.app.tracer.enabled }} - name: PERMIFY_TRACER_ENABLED value: "{{ .Values.app.tracer.enabled }}" {{- if .Values.app.tracer.exporter }} - name: PERMIFY_TRACER_EXPORTER value: "{{ .Values.app.tracer.exporter }}" {{- end }} {{- if .Values.app.tracer.endpoint }} - name: PERMIFY_TRACER_ENDPOINT value: "{{ .Values.app.tracer.endpoint }}" {{- end }} {{- if .Values.app.tracer.insecure }} - name: PERMIFY_TRACER_INSECURE value: "{{ .Values.app.tracer.insecure }}" {{- end }} {{- if .Values.app.tracer.urlpath }} - name: PERMIFY_TRACER_URL_PATH value: "{{ .Values.app.tracer.urlpath }}" {{- end }} {{- if .Values.app.tracer.headers }} - name: PERMIFY_TRACER_HEADERS value: {{ join "," .Values.app.tracer.headers }} {{- end }} {{- end }} {{- if .Values.app.meter.enabled }} - name: PERMIFY_METER_ENABLED value: "{{ .Values.app.meter.enabled }}" {{- if .Values.app.meter.exporter }} - name: PERMIFY_METER_EXPORTER value: "{{ .Values.app.meter.exporter }}" {{- end }} {{- if .Values.app.meter.endpoint }} - name: PERMIFY_METER_ENDPOINT value: "{{ .Values.app.meter.endpoint }}" {{- end }} {{- if .Values.app.meter.insecure }} - name: PERMIFY_METER_INSECURE value: "{{ .Values.app.meter.insecure }}" {{- end }} {{- if .Values.app.meter.urlpath }} - name: PERMIFY_METER_URL_PATH value: "{{ .Values.app.meter.urlpath }}" {{- end }} {{- if .Values.app.meter.headers }} - name: PERMIFY_METER_HEADERS value: {{ join "," .Values.app.meter.headers }} {{- end }} {{- end }} {{- if .Values.app.service.circuit_breaker }} - name: PERMIFY_SERVICE_CIRCUIT_BREAKER value: "{{ .Values.app.service.circuit_breaker }}" {{- end }} {{- if .Values.app.service.watch.enabled }} - name: PERMIFY_SERVICE_WATCH_ENABLED value: "{{ .Values.app.service.watch.enabled }}" {{- end }} {{- if .Values.app.service.schema.cache.number_of_counters }} - name: PERMIFY_SERVICE_SCHEMA_CACHE_NUMBER_OF_COUNTERS value: "{{ .Values.app.service.schema.cache.number_of_counters }}" {{- end }} {{- if .Values.app.service.schema.cache.max_cost }} - name: PERMIFY_SERVICE_SCHEMA_CACHE_MAX_COST value: "{{ .Values.app.service.schema.cache.max_cost }}" {{- end }} {{- if .Values.app.service.permission.concurrency_limit }} - name: PERMIFY_SERVICE_PERMISSION_CONCURRENCY_LIMIT value: "{{ .Values.app.service.permission.concurrency_limit }}" {{- end }} {{- if .Values.app.service.permission.cache.number_of_counters }} - name: PERMIFY_SERVICE_PERMISSION_CACHE_NUMBER_OF_COUNTERS value: "{{ .Values.app.service.permission.cache.number_of_counters }}" {{- end }} {{- if .Values.app.service.permission.cache.max_cost }} - name: PERMIFY_SERVICE_PERMISSION_CACHE_MAX_COST value: "{{ .Values.app.service.permission.cache.max_cost }}" {{- end }} {{- if .Values.app.database.engine }} - name: PERMIFY_DATABASE_ENGINE value: "{{ .Values.app.database.engine }}" {{- end }} {{- if .Values.app.database.uri }} - name: PERMIFY_DATABASE_URI value: "{{ .Values.app.database.uri }}" {{- else if .Values.app.database.uri_secret }} - name: PERMIFY_DATABASE_URI valueFrom: secretKeyRef: name: "{{ .Values.app.database.uri_secret }}" key: "uri" {{- end }} {{- if .Values.app.database.writer }} - name: PERMIFY_DATABASE_WRITER_URI value: "{{ .Values.app.database.writer.uri }}" {{- end }} {{- if .Values.app.database.reader }} - name: PERMIFY_DATABASE_READER_URI value: "{{ .Values.app.database.reader.uri }}" {{- end }} {{- if .Values.app.database.auto_migrate }} - name: PERMIFY_DATABASE_AUTO_MIGRATE value: "{{ .Values.app.database.auto_migrate }}" {{- end }} {{- if .Values.app.database.max_open_connections }} - name: PERMIFY_DATABASE_MAX_OPEN_CONNECTIONS value: "{{ .Values.app.database.max_open_connections }}" {{- end }} {{- if .Values.app.database.max_idle_connections }} - name: PERMIFY_DATABASE_MAX_IDLE_CONNECTIONS value: "{{ .Values.app.database.max_idle_connections }}" {{- end }} {{- if .Values.app.database.max_connection_lifetime }} - name: PERMIFY_DATABASE_MAX_CONNECTION_LIFETIME value: "{{ .Values.app.database.max_connection_lifetime }}" {{- end }} {{- if .Values.app.database.max_connection_idle_time }} - name: PERMIFY_DATABASE_MAX_CONNECTION_IDLE_TIME value: "{{ .Values.app.database.max_connection_idle_time }}" {{- end }} {{- if .Values.app.database.max_data_per_write }} - name: PERMIFY_DATABASE_MAX_DATA_PER_WRITE value: "{{ .Values.app.database.max_data_per_write }}" {{- end }} {{- if .Values.app.database.garbage_collection.enabled }} - name: PERMIFY_DATABASE_GARBAGE_COLLECTION_ENABLED value: "{{ .Values.app.database.garbage_collection.enabled }}" {{- if .Values.app.database.garbage_collection.interval }} - name: PERMIFY_DATABASE_GARBAGE_COLLECTION_INTERVAL value: "{{ .Values.app.database.garbage_collection.interval }}" {{- end }} {{- if .Values.app.database.garbage_collection.timeout }} - name: PERMIFY_DATABASE_GARBAGE_COLLECTION_TIMEOUT value: "{{ .Values.app.database.garbage_collection.timeout }}" {{- end }} {{- if .Values.app.database.garbage_collection.window }} - name: PERMIFY_DATABASE_GARBAGE_COLLECTION_WINDOW value: "{{ .Values.app.database.garbage_collection.window }}" {{- end }} {{- end }} {{- if .Values.app.distributed.enabled }} - name: PERMIFY_DISTRIBUTED_ENABLED value: "{{ .Values.app.distributed.enabled }}" {{- end }} {{- if .Values.app.distributed.address }} - name: PERMIFY_DISTRIBUTED_ADDRESS value: "{{ .Values.app.distributed.address }}" {{- end }} {{- if .Values.app.distributed.port }} - name: PERMIFY_DISTRIBUTED_PORT value: "{{ .Values.app.distributed.port }}" {{- end }} {{- with .Values.extraEnvVars }} {{- toYaml . | nindent 12 }} {{- end }} {{- if .Values.customReadinessProbe }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} {{- else if .Values.readinessProbe.enabled }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} exec: command: ["grpc_health_probe", "-addr=127.0.0.1:{{ .Values.app.server.grpc.port }}"] {{- end }} {{- if .Values.customLivenessProbe }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} {{- else if .Values.livenessProbe.enabled }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} grpc: port: {{ .Values.app.server.grpc.port }} {{- end }} {{- if .Values.customStartupProbe }} startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} {{- else if .Values.startupProbe.enabled }} startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} grpc: port: {{ .Values.app.server.grpc.port }} {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.extraVolumeMounts }} volumeMounts: {{- toYaml . | nindent 12 }} {{- end }} {{- with .Values.extraVolumes }} volumes: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }}